- Department of Information Resources (DIR) Contracts – the HHS agencies’ technology contracts under $5M, are required to utilize DIR Contracts. All technology contracts exceeding the $5M are posted on the open market to obtain bid responses from any vendor that meets the requirements in the solicitation. All contract awarded are based on best value.
- HHS Agency Vendor Protests – Texas Administrative Code Ch. 391
- HHS Vendor Protests – Texas Administrative Code Ch. 392
- Informal Dispute Resolution Process
- National Institute of Governmental Purchasing (NIGP) Commodity Book
- Rate Analysis
- Texas Business Resources: COVID-19 Resources and Information
- Texas Medicaid Healthcare Partnership
- Texas Transparency: Where the Money Goes
- Vendor Drug Program
Handbooks and Policies
- Procurement and Contract Management Handbook (PDF) is the comprehensive handbook of all purchasing and contract management policies and procedures that must be followed by HHS agencies. It serves as a purchasing guide for HHS agencies and establishes requirements for interface between the Procurement and Contracting Services Division of and HHS agencies for purchases conducted by PCS on behalf of the agencies.
- State of Texas Procurement and Contract Management Guide
- HHS Vendor Interaction Policy (PDF) promotes and guides collaboration between HHS staff and the vendor community. The policy provides parameters to facilitate communication while protecting the integrity of the procurement process.
- HHS Procurement Strategic Plan — For strategic plans 2019-2023, volumes I-III.
- HHS Procurement and Contracting Improvement Plan (PDF) — Released in November 2018.
- Circular C-027 - HHS System Fraud Waste and Abuse Reporting Responsibilities and Coordination (PDF)
Information Security Resources
Data Use Agreement
A Data Use Agreement is required for all covered or governmental entities performing business associate functions or who access certain types of confidential information that have specific regulatory requirements for privacy, security and breach notification.
HHS agencies must request these entities to execute a Data Use Agreement to contractually bind the entity to regulatory requirements and enforcement capability should the entity fail to protect HHS confidential information.
Texas HHS Security and Privacy Inquiry
The Security and Privacy Inquiry questionnaire includes a list of minimum HHS information security and privacy requirements needed prior to accessing HHS confidential information. An external entity must be able to confirm all requirements are "in-place" before being considered eligible to conduct business with HHS (additional information security and privacy requirements may apply).
The Security and Privacy Inquiry (PDF) is required by federal and state law to demonstrate minimum compliance with privacy and security regulations.
It is an attachment to the Data Use Agreement and must be completed by the vendor prior to the Data Use Agreement being executed.
Supplemental Health Information Technology Guide
The Office of the National Coordinator publishes the Privacy and Security of Electronic Health Information Guide (PDF) to help healthcare providers (especially HIPAA covered entities and Medicare eligible professionals) better understand how to integrate federal health information privacy and security requirements into their practices.
Security Assessment Report and Attestation Guidance
The Security Assessment Report is used to identify and document the current risk level of HHS information resources and systems. This report details how the HHS information resources and systems comply with applicable HHS information security controls. External entities must also attest they are compliant with all HHS information security control requirements.
Completion of Cybersecurity Training for Contractors (as part of HB3834)
As defined in Section 2054.5192 of the Texas Government Code, HHS shall require any contractor with access to HHS information (data) resources and systems to complete a cybersecurity training program certified by the Department of Information Resources.
The Contractor Written Acknowledgement of Completion of Cybersecurity Training Program. This form must be completed and returned to the appropriate contract manager every new fiscal year no later than April 30th.
Find more information on the HB3834 Information Security/Cybersecurity Training Requirement for Contractors FAQ (PDF).
HHS Authorization to Operate
Texas Administrative Code 202.26, mandates a senior organizational official formally accepts responsibility of any residual risk of an HHS information system and grants authorization to operate (ATO).
A Deputy Executive Commissioner signs the ATO after an HHS information system has undergone a risk and security assessment validating the system has met and passed all security and privacy requirements to become operational.
Vendor Information Systems
The Security Assessment Report and Attestation typically satisfies the documentation of compliance with all required information security controls necessary for an ATO.
While the actual documents of the authorization package are NOT necessarily required to be submitted to HHS during the ATO, each document MUST be available upon request.
Vendors must respond to a security documentation request (necessary to confirm compliance) within 10 business days of the official request from the contract manager.
Grant and HUB Resources
DCS Service Delivery Resources
GlobalScape Navigation Help (PDF) — This document assists the SFTP (GlobalScape) user with general navigation while accessing the GlobalScape web transfer client.
Other Resources & Training
For video, recorded webinars and other training resources, visit the Vendor Training Center page.
Need More Help?
We are committed to working smart and working together for Texans. If you have additional questions about procurements, the procurement process, or need additional training, contact us at PCS_CST_HHSC@hhsc.state.tx.us.
Is there a resource missing? Contact Procurement and Contracting Communications at PCS_Communications@hhsc.state.tx.us.